rpm/slurm
SHA256
1
0
Fork 0
forked from pool/slurm
Code Pull Requests Activity
fde06d1d7d
slurm/pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch

57 lines
1.9 KiB
Diff
Raw Normal View History

Accepting request 663733 from home:mslacken:slurm18 - Update to 18.08.04, with following highlights * Fix message sent to user to display preempted instead of time limit when a job is preempted. * Fix memory leak when a failure happens processing a nodes gres config. * Improve error message when failures happen processing a nodes gres config. * Don't skip jobs in scontrol hold. * Allow --cpu-bind=verbose to be used with SLURM_HINT environment variable. * Enhanced handling for runaway jobs * cons_res: Delay exiting cr_job_test until after cores/cpus are calculated and distributed. * Don't check existence of srun --prolog or --epilog executables when set to "none" and SLURM_TEST_EXEC is used. * Add "P" suffix support to job and step tres specifications. * Fix jobacct_gather/cgroup to work correctly when more than one task is started on a node. * salloc - set SLURM_NTASKS_PER_CORE and SLURM_NTASKS_PER_SOCKET in the environment if the corresponding command line options are used. * slurmd - fix handling of the -f flag to specify alternate config file locations. * Add SchedulerParameters option of bf_ignore_newly_avail_nodes to avoid scheduling lower priority jobs on resources that become available during the backfill scheduling cycle when bf_continue is enabled. * job_submit/lua: Add several slurmctld return codes and add user/group info * salloc/sbatch/srun - print warning if mutually exclusive options of --mem and --mem-per-cpu are both set. - Refreshed: * pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch OBS-URL: https://build.opensuse.org/request/show/663733 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=81
2019-01-08 20:05:14 +01:00
From d630acbf5709dcf03f9e8cd1739a77cfe6c1e4b8 Mon Sep 17 00:00:00 2001
Accepting request 657422 from home:mslacken:slurm18 - restarting services on update only when activated - added rotation of logs - Added backported patches which harden the pam module pam_slurm_adopt (BOO#1116758) which will be in slurm 19.05.x * added pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch [PATCH 1/3] pam_slurm_adopt: avoid running outside of the sshd PAM * added pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data * added pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is logging on - package slurm-pam_slurm now depends on slurm-node and not on slurm OBS-URL: https://build.opensuse.org/request/show/657422 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=79
2018-12-12 10:28:26 +01:00
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 5 Dec 2018 15:08:53 +0100
Subject: [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is
logging on
In some systems there can be multiple user accounts for uid 0, therefore
the check for literal user name "root" might be insufficient.
Signed-off-by: Christian Goll <cgoll@suse.de>
---
contribs/pam_slurm_adopt/pam_slurm_adopt.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/contribs/pam_slurm_adopt/pam_slurm_adopt.c b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
Accepting request 663733 from home:mslacken:slurm18 - Update to 18.08.04, with following highlights * Fix message sent to user to display preempted instead of time limit when a job is preempted. * Fix memory leak when a failure happens processing a nodes gres config. * Improve error message when failures happen processing a nodes gres config. * Don't skip jobs in scontrol hold. * Allow --cpu-bind=verbose to be used with SLURM_HINT environment variable. * Enhanced handling for runaway jobs * cons_res: Delay exiting cr_job_test until after cores/cpus are calculated and distributed. * Don't check existence of srun --prolog or --epilog executables when set to "none" and SLURM_TEST_EXEC is used. * Add "P" suffix support to job and step tres specifications. * Fix jobacct_gather/cgroup to work correctly when more than one task is started on a node. * salloc - set SLURM_NTASKS_PER_CORE and SLURM_NTASKS_PER_SOCKET in the environment if the corresponding command line options are used. * slurmd - fix handling of the -f flag to specify alternate config file locations. * Add SchedulerParameters option of bf_ignore_newly_avail_nodes to avoid scheduling lower priority jobs on resources that become available during the backfill scheduling cycle when bf_continue is enabled. * job_submit/lua: Add several slurmctld return codes and add user/group info * salloc/sbatch/srun - print warning if mutually exclusive options of --mem and --mem-per-cpu are both set. - Refreshed: * pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch OBS-URL: https://build.opensuse.org/request/show/663733 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=81
2019-01-08 20:05:14 +01:00
index dccad90185..f1d062885e 100644
Accepting request 657422 from home:mslacken:slurm18 - restarting services on update only when activated - added rotation of logs - Added backported patches which harden the pam module pam_slurm_adopt (BOO#1116758) which will be in slurm 19.05.x * added pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch [PATCH 1/3] pam_slurm_adopt: avoid running outside of the sshd PAM * added pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data * added pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is logging on - package slurm-pam_slurm now depends on slurm-node and not on slurm OBS-URL: https://build.opensuse.org/request/show/657422 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=79
2018-12-12 10:28:26 +01:00
--- a/contribs/pam_slurm_adopt/pam_slurm_adopt.c
+++ b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
@@ -708,17 +708,6 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags
opts.ignore_root = 1;
}
- /* Ignoring root is probably best but the admin can allow it */
- if (!strcmp(user_name, "root")) {
- if (opts.ignore_root) {
- info("Ignoring root user");
- return PAM_IGNORE;
- } else {
- /* This administrator is crazy */
- info("Danger!!! This is a connection attempt by root and ignore_root=0 is set! Hope for the best!");
- }
- }
-
/* Calculate buffer size for getpwnam_r */
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize == -1)
@@ -740,6 +729,16 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags
if (_load_cgroup_config() != SLURM_SUCCESS)
return rc;
+ /* Ignoring root is probably best but the admin can allow it */
+ if (pwd.pw_uid == 0) {
+ if (opts.ignore_root) {
+ info("Ignoring root user");
+ return PAM_IGNORE;
+ } else {
+ /* This administrator is crazy */
+ info("Danger!!! This is a connection attempt by root (user id 0) and ignore_root=0 is set! Hope for the best!");
+ }
+ }
Accepting request 663733 from home:mslacken:slurm18 - Update to 18.08.04, with following highlights * Fix message sent to user to display preempted instead of time limit when a job is preempted. * Fix memory leak when a failure happens processing a nodes gres config. * Improve error message when failures happen processing a nodes gres config. * Don't skip jobs in scontrol hold. * Allow --cpu-bind=verbose to be used with SLURM_HINT environment variable. * Enhanced handling for runaway jobs * cons_res: Delay exiting cr_job_test until after cores/cpus are calculated and distributed. * Don't check existence of srun --prolog or --epilog executables when set to "none" and SLURM_TEST_EXEC is used. * Add "P" suffix support to job and step tres specifications. * Fix jobacct_gather/cgroup to work correctly when more than one task is started on a node. * salloc - set SLURM_NTASKS_PER_CORE and SLURM_NTASKS_PER_SOCKET in the environment if the corresponding command line options are used. * slurmd - fix handling of the -f flag to specify alternate config file locations. * Add SchedulerParameters option of bf_ignore_newly_avail_nodes to avoid scheduling lower priority jobs on resources that become available during the backfill scheduling cycle when bf_continue is enabled. * job_submit/lua: Add several slurmctld return codes and add user/group info * salloc/sbatch/srun - print warning if mutually exclusive options of --mem and --mem-per-cpu are both set. - Refreshed: * pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch OBS-URL: https://build.opensuse.org/request/show/663733 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=81
2019-01-08 20:05:14 +01:00
/*
* Check if there are any steps on the node from any user. A failure here
Accepting request 657422 from home:mslacken:slurm18 - restarting services on update only when activated - added rotation of logs - Added backported patches which harden the pam module pam_slurm_adopt (BOO#1116758) which will be in slurm 19.05.x * added pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch [PATCH 1/3] pam_slurm_adopt: avoid running outside of the sshd PAM * added pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data * added pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is logging on - package slurm-pam_slurm now depends on slurm-node and not on slurm OBS-URL: https://build.opensuse.org/request/show/657422 OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=79
2018-12-12 10:28:26 +01:00
--
2.16.4
Copy Permalink